I am trying to understand all of these concepts in the past few days but unable to grasp it.
Normally, when you have an API key, with an environmental variable, you can access it and get the data, so in this case why do we need additional Security Rules?
Also in the Rules Playground section, there is a bigger confusion like "Authentication" section. Not sure why there are a lot of options to choose from like twitter, github, google etc.
All I am trying to do is to create a production server where I can store data that are submitted as form and I am really overwhelmed in the past few days about these concepts.
There are tons of tutorials and videos but I did not come across a single one of that which properly explains all of these things in one place and show it with their code. Bunch of pep talking and then setting rules like allow read, write: if true. If I have an API key, how everyone on the planet can access with this rule? Can anyone explain these?
